
Sun Infrastructure Solution for Network Identity

Seamlessly extend secure access to your enterprise fast, with reduced deployment time and cost

Timothy Siu SE Manager, JES Nov/10/2003


sun.com/solutions/infrastructure/ni

Agenda

The value of network identity
Solving business problems with network identity
Sun Infrastructure Solution for Network Identity
Examples and Business Scenarios
Why Sun is the right choice

Identity Management is More Than Web Single Sign-On


Identity is at the core of your business, affecting how you securely interact and build trusted relationships with your customers, partners, suppliers, and employees

A set of business processes, technologies, and operational infrastructure for managing the lifecycle of an identity and its relationship to business applications and services

What is an Identity?

An identity might be an employee, customer, partner, or supplier, but it might also be a package or a product!
Identities have lifecycles, and business rules governing their creation and deletion are important to your security
Business applications are not uniformly accessed by all identities, and role-based access helps keep your business-critical data secure
Sun Infrastructure Solution for Network Identity is the fusion of identity management, security, authentication, authorization, access, and provisioning, all inside of a policy-based framework.

The Value of Network Identity


Implementing a network identity solution can benefit your business by:

Radically reducing cost by improving operational efficiencies with self service, delegated administration, identity consolidation and automated provisioning
Greatly improve user experience and productivity with single sign-on and self service
Vastly increase revenue opportunities through affinity, loyalty and partnership programs using federated services
Significantly lower business risk by improved privacy and regulatory compliance through access management and Liberty Alliance architecture

Which of These Questions Keep You Awake at Night?


Business Development Manager

Mergers & Acquisitions VP

How do I implement a friends and family plan to increase revenues?
How do I efficiently integrate new partners and suppliers into my business processes?
How do I manage the 'soft' supply chain that includes life, dental, health, disability, retirement, and flexible spending plans?

How do I avoid creating identity silos when companies are acquired?
How do I reliably set up accounts for new employees and make sure they are closed immediately upon termination?
How do I support mobile employees at drop-in centers, home offices, or on wireless devices?

IT Director

HR Director

Do You Know...

How many passwords do your users have?

The average is 21! Half write them down, and 2/3 rarely or never change them (Source: 2002 NTIA Monitor Password Survey, UK; zdnet.com)

How much time do your administrators spend re-setting passwords?

45% of help desk calls are for re-setting passwords, and the cost ranges from $51 to $147 for non-automated environments (Source: Meta Group, 2002; Gartner, 2002, respectively)

How many ex-employees and contractors have access to your systems?

An average of 20 percent, perhaps because the typical IT organization has 10 different systems maintaining identity information with no synchronization (Source: Gartner, 2003; Sun customer survey 2002)

These issues not only reduce your competitiveness - they put you at risk!

Why Does the Problem Need Attention?


"Effective management of users' identity, credential, and access rights must be implemented by organizations, not as a differentiator but as mandatory security consideration, a business imperative and a non-negotiable user expectation"
(Source: Meta Group, 2002)

"Through 2004, 70 percent of extranet access management deployments will be tied to reducing operational costs, which will place a premium on pre-integrated solutions, short payback periods ... .7 probability).
(Source: Gartner, 2003)

Network Identity Helps You Fix Common Business Problems


Network identity addresses common points of pain across all of the groups that companies interact with

[Figure labels: Customers, Suppliers, Partners, Employees; Productivity; Competing Needs; Administration Costs; Security, Privacy, Policy; Interoperability]

Dynamic Portal Service Delivery


[Figure labels: Web Top (Full Feature, Trusted with Token); Browser Client; Portal; Limited Features; View & Features Varies by Individual User and Group; View & Features Varies by Type of Connection; XML; JAXR; SOAP; UDDI Business Registry (UBR); Portal Server; Directory Service; Application Server; Content Management, KM, DM; Communications / Messaging; Channels; Operating Environment; Legacy ERP; Sun Servers & Storage]

Network Identity Enabled Access


[Figure labels: Web Top (Full Feature, Trusted with Token); Browser Client; Portal; Limited Features; View & Features Varies by Individual User and Group; View & Features Varies by Type of Connection; XML; JAXR; SOAP; UDDI Business Registry (UBR); Portal Server; Directory Service; Application Server; Content Management, KM, DM; Communications / Messaging; Channels; Operating Environment; Legacy ERP; Sun Servers & Storage]

Sun's Strategic Approach


1) Assess network identity requirements and create a strategy
2) Implement a pre-integrated solution
3) Use qualified Sun strategic partners to add secure role-based applications
4) Use Sun's experienced consultants to integrate value-added services
5) Expand interoperability and federated services through Liberty Alliance standards

[Figure labels: Federation, Increase Revenue; Identity Services, Reduce Costs; Identity Management, Increase Security]

The Sun Infrastructure Solution for Network Identity


Reduces cost and complexity by integrating and testing innovative products
Includes hardware, software, storage, and services all for one low price
Uses qualified partners
Works out-of-the-box
Integrates with existing IT infrastructure, including legacy systems
Uses repeatable methodologies and reference architectures to reduce time-to-market
Provides comprehensive support and services

Solution Features and Benefits


Feature: Manage and secure access to network applications and services, enabling mobility and device independence
Benefit: Reduces administration costs while increasing security and mobility

Feature: Synchronize diverse identity-related data sources
Benefit: Reduces risk inherent with multiple logins and identity credentials

Feature: Integrate identity management into company workflows and policies
Benefit: Automating manual procedures increases productivity, reduces cost, and is less error-prone

Feature: Improve employee, partner, and customer experience through Web single sign-on
Benefit: Increases productivity and enables innovative marketing programs to increase revenue

Feature: Delegating administrative authority including self-provisioning
Benefit: Increases process efficiencies and reduces costs, including call-center overhead

Feature: Federated services through Liberty Alliance architecture
Benefit: Creates new revenue-generating and marketing opportunities

Feature: Facilitate regulatory compliance
Benefit: Improves privacy and demonstrates implementation of government regulations

Sun Infrastructure Solution for Network Identity Architecture

Integrating into enterprise business processes requires additional components and services
The combination of people, policy, and technology is the solution!

[Figure labels: Employee, Supplier, Customer, Partner; Portal Server; Meta Directory; Identity Server; Directory Server; Profiles / Attributes, SSO, Authorization, Audit, Federation, Authentication; Workflow Management; Central Directory; PBX; Messaging Server; MS Active Directory; HR Database; Self-service; Identity Provisioning & Synchronization; Certificate Services & Management; Policies; Administration; Application Security; Identity Management]

Sun Infrastructure Solution for Network Identity Software

Sun ONE Identity Server

Central Access Management, authentication, Web SSO, federation, self-service, delegated authority

Sun ONE Directory Server

Stores identity profiles
Massive scalability
Multi-platform

Sun ONE Meta-Directory

Consolidates & synchronizes identity information
Works with Microsoft Active Directory

Network Identity Services (I)

Directory Services

The scalable, high speed data repository foundation for Identity Management
Sun ONE Directory Server, Sun ONE Meta Directory, and Sun ONE Identity Synchronization for Windows

New Capabilities (Performance, Scalability, High Availability; Security and Manageability):

64-bit addressing and linear scalability up to 12 CPUs enables data center consolidation
4-way multi-master replication enables high availability, reliability and disaster mgmt initiatives
Attribute encryption, fractional replication, multiple password policies help address government regulatory compliance, privacy issues
Multi-protocol front end design - LDAP, DSML, futures - reduces TCO

Network Identity Services (II)


Identity Services

Managing a user's account lifecycle, application access, web single sign on and federation, via centralized, delegated and self-service administration.
Sun ONE Identity Server

New Features:

Platform Support:
Sun ONE App Server, BEA WebLogic, IBM WebSphere
Solaris x86 support

Liberty 1.1
Additional Authentication Types
Filtered roles support for user management
Password reset/Forgotten password

Identity Services -- Did you Know?


Sun ONE Directory Server

Outperforms the leading competitor by up to 10X
Is the first 64-bit LDAP server on Solaris and HP-UX
Is the first LDAP product to provide Class of Service for managing large scale deployments
Powers 8 of the top 10 financial services companies in the US (Fortune 2002)
Has over 1,500 installed base customers and 2B entries sold worldwide

Identity Services -- Did you Know?


Sun ONE Identity Server

First commercially available Identity Management product to support both Liberty v 1.1 and SAML 1.0
Delivers broadest application security support ever from Sun with over 75 agents available across different web servers, app servers, and operating systems
First Identity Management product to support Solaris x86
Provides full standard support for SAML, Liberty, JAAS, LDAP, SOAP, XML
Provides cost reductions for both human and system resources (self service, password reset)
Supports heterogeneous legacy environments allowing for integration with wide range of application solutions

Sun Infrastructure Solution for Network Identity Services

Sun's solution is different because of the accelerated methodology it practices for implementing network identity solutions
The Sun Services organization has tools to help you at every step along the way:

Assessment
Strategy and Planning
Architecture and Design
Implementation
Legacy Systems Integration and Migration

Rapid deployment possible because Sun has already integrated and tested the solution

Extend Your Network Identity Solution with Sun-Qualified Partners

Passlogix for enterprise single sign-on
PeopleSoft, Siebel for workflow management
Thor, WaveSet for identity provisioning
ActivCard, Schlumberger for Java Card platform-based identity credentials
Entrust, RSA, and Verisign for Public-Key Infrastructure (PKI) software

Benefits Summary

Increase revenue by knowing who you do business with and leveraging your improved relationship with your customers
Radically reduce costs by improving operational efficiencies
Reduce the chance for errors that cause lapses in security by automating manual procedures
Significantly lower business risk by improved privacy, security, and regulatory compliance

Business Scenarios

Account provisioning
Adding a new employee using an automated workflow

Secure supply chain management
Delegating administration and enforcing role-based access

Managing a mobile workforce
Using a single identity credential for building access, application access, and secure remote access

View full demonstrations of these topics and more at the Sun iForce center nearest you

Account Provisioning

Manager uses delegated authority to add new employee via portal
Automated workflow creates HR request for approval by HR department
New employee number created in identity system
E-mail accounts automatically created
Role-based access enabled for ERP systems
Process completion notification and temporary password sent to manager

Automated workflow, single sign-on, delegated authority

Account Provisioning Features


Automatic account creation
Identity synchronization across multiple systems
Delegated administration
Policy and role-based access
Single sign-on across company applications
User awareness in HR system
Audit Trail

U.S. Army Accessions Command


Problem:
Enhance services delivered to disparate customer base

Solution:
GoArmy.com portal provides access to key information for command personnel as well as potential recruits

Benefits:
Provides secure access to internal information through Internet, intranet, and extranet technologies
Customized, role-based access to resources enabled using an identity-based solution
External, Internet-facing portal provides information to potential recruits

Sun ONE Products:
Sun ONE Identity Server
Sun ONE Portal Server
Sun ONE Directory Server
Sun ONE Web Server


Secure Supply Chain Management


Employee is promoted from order to inventory management and needs access to partner company's inventory control systems
Manager accesses partner company's portal and uses delegated authority to change promoted employee's role
Access to order entry system at partner company is revoked
Access to inventory control system at partner company established
Promoted employee now can perform job functions without incurring expenses at partner company

Delegated authority, role-based policy enforcement, secure remote access

Supply Chain Management Features

Determines who has access to what resources
Delegated administration
Role-based policy enforcement
Automated account creation and deletion
Single sign-on functionality
Secure remote access

Managing a Mobile Workforce


On the way to the office, employee checks calendar through wireless portal to verify first appointment
Employee arrives at the office and uses Java Card platform-based identity card for building access
Employee inserts identity card into Sun Ray workstation to recover session state exactly as it was left yesterday
At home, employee uses identity card to establish secure remote access to company portal and reads e-mail

Single ID credential, secure multi-modal authentication, secure remote access

Managing a Mobile Workforce Features

Single identity card used in multiple contexts
Foundation for a mobile infrastructure
Secure remote access
Unified authentication via central identity server to any device

Motorola Communication Services and Equipment


Problem:
Consolidate enterprise directory infrastructure

Solution:
Sun ONE Directory Server and Directory Proxy Server provide scalable, highly available directory services

Benefits:
Provides a carrier class service scalable to millions of users for delivering secure and personalized content
Centralized directory service streamlines administration processes and costs
Provides a common developer framework for more efficient delivery of applications

Sun ONE Products:
Sun ONE Directory Server
Sun ONE Directory Proxy Server

Why Sun?

Strategic approach to network identity that incorporates the interaction between people, policy, and technology
Identity is managed by integrating innovative, open-standards-based products
Sun's experienced consultants exercise a repeatable methodology
Pre-configured, pre-integrated, pre-tested solution that you can trust and buy today for one low price
Best-of-breed components from partners integrated to customize the solution for your enterprise
Protects your investment, avoiding rip and replace implementations

Next Steps...

View complete demonstrations of the examples we've discussed
Learn how the solution can integrate in your environment and address identity issues at your company
Get started by using Sun's capability assessment tool
Use Sun's expertise to build a proof-of-concept

Sun Infrastructure Solution for Network Identity


Timothy Siu timothy.siu@sun.com
sun.com/solutions/infrastructure/ni
